As electronic mail and other data transmission methods gain in popularity and become more and more widespread both as to the number of people availing themselves of such services and the number of messages being sent by way of these channels, there is a growing need for simple, secure and reliable encryption of the data being transmitted. This is especially so because a steadily increasing proportion of such data is of a proprietary or otherwise sensitive nature which, were such information to fall into the wrong hands, could be detrimental or, at the very least, embarrassing to the issuer of the transmitted information and/or its intended recipient.
To satisfy this need for transmission security, there have been developed and are currently available a variety of devices and algorithms for encoding information to be transmitted and for subsequently decoding the encoded information after it has reached the intended recipient. Of course, it is important to encrypt the information in such a manner as to make it difficult, if not substantially impossible, to break the code or key used in the encryption. This, coupled with safeguarding of the key itself by all persons having access to that key, provides a high degree of assurance that anyone who may have received or intercepted the transmission without being authorized to learn of its contents will be unable to decipher the message contained in the transmission.
Of course, it would be possible, and is in fact required when operating in accordance with the Digital Encryption Standard (DES) currently applicable to electronic mail (E-mail), for the issuer and the intended recipient to agree upon or notify one another of a particular encoding key to be used. Such key could then be employed for all encrypted communications sent by the respective issuer, or all those taking place between the respective parties, or such communications occurring within a certain time span, as on a particular day, or even to individual messages. This encoding key information exchange may take place either well in advance of the time for a particular communication or, especially when using a different key for each transmission, just prior to the intended transmission time.
Each of these approaches, however, suffers from one or more serious disadvantages. For one thing, the wider the dissemination of the key, the more likely that its safety will be compromised. Similarly, the longer the key is in use--in terms of time alone or of the cumulative length of the transmissions sent--the more likely it is that it may be broken or discovered by an interloper. In addition, the greater the number of keys to be used--either for different recipients or for different time periods--the more difficult it is to assure that the proper key will be used for the particular transmission. Finally, the more often the parties need to obtain or forward the encoding keys, the more likely it is that the particular key will be intercepted during such information exchange, even if not only a different communication but also a different communications channel (such as a telephone) than that to be used for the coded data transmission (i.e. a data link) were to be employed to carry the information about the encoding key.
These and other deficiencies have lead to the development of additional alternatives to secure data transmission. One currently employed alternative approach, commonly referred to as RSA public key encryption, involves the use of a total of four encryption keys--two for each party, one public and the other private. Each party knows (e.g. is able to retrieve from a safe storage location) its own public and private keys, and is able to obtain the public key of the respective other party since that key, as its name implies, is available to the "public", or at least to the system users or subscribers. In use, two such keys are actually employed at each of the issuing and receiving ends. More particularly, the initiator or originator of the transmission (i.e. the party desiring to send an encrypted message) first encodes the message using his or her own private code key, and then re-encodes such encoded message using the other party's (intended recipient's) public code key. The thus doubly-encoded message is then sent to the intended recipient and must be decoded at that end before the original message can be deciphered. To this end, a double decoding process akin to the double encoding process is performed at the recipient end, first using the recipient's private key and then decoding the result by utilizing the sender's public key.
It will be appreciated that this approach is rather complex and cumbersome in that it requires double use of the respective coding (i.e. encoding or decoding, as the case may be) technique and/or equipment at each end, and cannot be performed (i.e. successfully commenced and concluded) unless each of the parties has the correct public key of the other party and uses it in conjunction with his or her own correct private key during the respective coding operation. The need for double coding and attendant entry of two different coding keys at each end of the transmission significantly increases the risk that machine or human error could result in the presentation of a garbled or otherwise indecipherable message to the intended recipient.